You might have heard the statistic: in just about any size company, fraud claims between five and ten percent of annual revenue. Some fraudulent activity comes from external sources (such as cyber breaches or theft), but a good amount of fraud can come from within the ranks of the company itself.
As ACL recognizes International Fraud Awareness Week, sponsored by the Association of Certified Fraud Examiners (ACFE) through November 19, 2016, we are taking a closer look at how employees most often take advantage of internal systems for their own personal gain, and what organizations can do to reduce their exposure to these risks of fraud.
Most managers probably don’t think that much about the likelihood of fraud carried out by people on their teams. They spend most of their time thinking about how to achieve their objectives and get the job done. Even the most demanding boss tends to trust the basic integrity of the people working with them. These are likely to be among the many reasons employee fraud occurs, and often remains undiscovered.
So, what are the some of the common frauds by employees that managers and executives should bear in mind? How do they to find out if fraudulent activities have occurred?
Corporate Purchasing Cards (P-Cards)
The use of corporate credit cards or purchasing cards can make good business sense. They dramatically reduce the costs of the typical purchase order and payment cycle for smaller expense and procurement items. However, they are particularly prone to abuse by employees. Maybe that recent corporate card purchase of a high-end large screen computer monitor was fully justified and helped improve the employee’s productivity—but what if the monitor ended up with the employee’s child who loved computer gaming? What about the $5,000 spent at Home Depot for “office improvements” by the branch supervisor? Perhaps the supervisor now has a greatly improved recreation room. What about duplicate purchases? Was one valid and one for personal use?Of course, all purchases and expenses made through a P-Card should be approved by an
Of course, all purchases and expenses made through a P-Card should be approved by an authorized manager. But that’s where the control weaknesses often appear. If a senior manager has to approve the monthly use of P-Cards for 50 or more employees, are they really going to spend the time to ensure every item was justified?There is a relatively simple answer to this problem. Credit card companies provide detailed data for every transaction that takes place. The data can be
There is a relatively simple answer to this problem. Credit card companies provide detailed data for every transaction that takes place. The data can be analyzed to identify many indicators of fraud. Merchant Category Codes can be checked and anything that seems dubious can be highlighted for review. There have been cases where one employee used their corporate card to spend thousands on psychic readings, while another purchased a cow at an auction for their hobby ranch.
Travel and Entertainment (T&E) Expenses
The risks of fraud in P-Card systems can also be applied to travel and entertainment expenses. The opportunities for fraud are very similar in terms of expensing personal costs to the business. Additionally, duplicate charges may signal fraud; for example, multiple employees charge for the same lavish entertainment of a key client. Was that expensive trip to Florida for a “client meeting” really justified when it was during spring break and overlapped with vacation days?
Again, it is a relatively simple process to analyze data to find the red flags of duplicate charges and expense claims that just don’t seem right.
Vendors and the Purchase to Pay Process
Vendor systems and the purchase-to-pay process also pose a number of fraud risks. Employees can set up “phantom vendors” in order to process fraudulent invoices for non-existent goods and services, and then have payments made to bank accounts controlled by the employee.
Employees can also collude with vendors and approve the purchases of goods and services at grossly inflated prices. The vendors may express their appreciation by shipping some goods directly to the employee’s home.
There are various ways to check for these activities. For example, vendor addresses can be analyzed to identify fictitious addresses or to see if they happen to match an employee address. Vendor prices for goods and services can be analyzed in detail to find instances in which prices for specific items are far from the statistical norms.
Payroll fraud risks tend to increase in relation to the size of the organization. It may be a simple job to keep watch over a department with only a hundred employees in one location. But what happens when there are hundreds or thousands of employees spread across multiple locations? How do you know that every person on the payroll actually came to work and did their job? A lot of trust is typically put in departmental and regional management to ensure that individuals on the payroll are still valid, contributing employees.
Some supervisors may be tempted to set up friends and relatives as employees and share the payroll proceeds. Even if the employee does turn up for work—what if the supervisor generously approves very large bonuses and overtime payments?
One way to keep an eye on things is to analyze employee activity records, such as electronic access and security records. How often was the employee logged on to corporate systems? How often was a swipe card used to access corporate premises? How do records for overtime hours compare to login and physical access records?
When thinking of anti-fraud measures, people tend to focus on the expense side of things. But there are also plenty of opportunities for employee fraud on the income side. Say a sales executive pushes through a large sale at period end, and picks up a nice commission and bonus payment. Then, after about a month, the sale is reversed and a credit note is issued. What happens to the commission and bonus? Who makes sure that those are reversed as well?
The opportunities for collusion with customers tend to mirror those with vendors. A sales person may provide extremely generous pricing discounts in return for a kick-back, and somehow half of the goods shipped to the customer happen to make their way to the salesperson’s home.
Analyses of discounts, pricing, sales reversals and credit notes and terms can identify many indicators of fraud. These are the same analyses that can match shipping addresses with employee addresses.
Evading approval controls by managers
One of the key anti-fraud controls in almost any business process area is management approval. Managers are trusted to review and approve purchases and expenses in their areas—but only to a certain degree. There are approval limits depending on the level of manager and budget responsibility. The risk of a large fraudulent expense getting approved by a manager is presumably limited if, for example, they are only authorized to approve purchases up to $50,000. Yet, if a manager approves five purchases for $49,000 each, they might really be approving a fraudulent purchase of $245,000.
Scrutinizing data for this form of “split” approvals is a simple but effective task.
Incidentally, one of my personal favorites for innovative ways to see if the management approval process is working properly is to analyze the time stamp data for when a manager approves a monthly corporate card charge for employees. In one case, the analysis showed that a manager had approved a very large number of charges within about 80 seconds—not exactly reassuring that appropriate due diligence had taken place!
Whether it’s data analytics or forensic accounting, we encourage all companies, large and small, to use any and all available resources to stamp out fraud, reduce waste and optimize performance.